The Sender creates the message content (MailContent) and selects a random 
encryption key (SymmetricKey). Both MailContent and SymmetricKey should be kept by 
the Sender in order to verify the validity of the certified receipt later.
The Sender sends to the Recipient the certified mail defined as: 
CertifiedMail = PKE(RemailerPublicKey, CertMailHeader) + CertMailBody 
where: 

CertMailHeader = MessageID + SymmetricKey; 

CertMailBody = HASH(SymmetricKey) + SKE(SymmetricKey, MailContent); 
MessageID = HASH(CertMailBody); 
After receiving CertifiedMail, the Recipient sends a receipt to the Remailer: 
ReceiptSentToRemailer = PKE(RemailerPublicKey, CertMailHeader) + HASH(SymmetricKey) + SignedReceipt 
where: SignedReceipt = SIGNED(RecipientPrivateKey, MessageID2) and 
MessageID2 is the message ID the Recipient computed from the received 
message according to: MessageID2 = HASH(CertMailBody); 
The Remailer processes ReceiptSentToRemailer as follows: 

a) Decrypts PKE(RemailerPublicKey, CertMailHeader) to obtain SymmetricKey and MessageID from CertMailHeader. 

b) Verifies SignedReceipt using the public key of the Recipient. 

c) Verifies that MessageID obtained from CertMailHeader is exactly the same as MessageID2 in SignedReceipt. 

d) Verifies that HASH(SymmetricKey) in the ReceiptSentToRemailer agrees with the HASH computed from SymmetricKey in CertMailHeader. 

e) If all the verifications succeed, sends the SignedReceipt to the Sender. 

f) If sending the receipt to the Sender succeeds, sends the SymmetricKey to the Recipient. 



The Recipient decrypts SKE(SymmetricKey, MailContent) using the SymmetricKey 
received from the Remailer to obtain MailContent. 



After receiving the SignedReceipt, the Sender is able to prove that the Recipient has 
received the exact MailContent by demonstrating: 

a) The Recipient's signature in SignedReceipt can be verified using the Recipient's public key. 

b) The MessageID2 in the SignedReceipt agrees with the hash of CertMailBody 
reconstructed from the SymmetricKey and MailContent the Sender has kept. 



Fig. 2 
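
The Fig. 2 checks as an added example (not part of the original document): the Remailer's checks c) and d) and the Sender's proof step b), run on an honest exchange and on two inconsistent ones. SHA-256 as HASH, the XOR keystream standing in for SKE, and all function names are assumptions of this example; PKE decryption and signature verification are taken as already done.

```python
import hashlib, hmac, secrets

def H(data: bytes) -> bytes:
    # HASH() from the figure; SHA-256 is an assumption of this example
    return hashlib.sha256(data).digest()

def ske(key: bytes, data: bytes) -> bytes:
    # Stand-in for SKE(): XOR with a SHA-256 counter keystream (demo only, self-inverse).
    # Deterministic, so the Sender can rebuild CertMailBody from the kept key and content.
    blocks = len(data) // 32 + 1
    stream = b"".join(H(key + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def build_cert_mail(symmetric_key: bytes, mail_content: bytes):
    body = H(symmetric_key) + ske(symmetric_key, mail_content)  # CertMailBody
    header = H(body) + symmetric_key  # CertMailHeader = MessageID + SymmetricKey
    return header, body

def recipient_receipt_fields(body: bytes):
    # Values the Recipient derives from the received body: HASH(SymmetricKey), MessageID2
    return body[:32], H(body)

def remailer_checks(header: bytes, key_hash: bytes, message_id2: bytes) -> bool:
    # Checks c) and d); a) PKE decryption and b) signature verification are assumed done
    message_id, symmetric_key = header[:32], header[32:]
    same_id = hmac.compare_digest(message_id, message_id2)          # c)
    key_matches = hmac.compare_digest(H(symmetric_key), key_hash)   # d)
    return same_id and key_matches

def sender_proof_b(kept_key: bytes, kept_content: bytes, message_id2: bytes) -> bool:
    # Sender's proof step b): rebuild CertMailBody and compare its hash to MessageID2
    body = H(kept_key) + ske(kept_key, kept_content)
    return hmac.compare_digest(H(body), message_id2)

def run_cases():
    key, content = secrets.token_bytes(32), b"constructed sample mail content"
    header, body = build_cert_mail(key, content)
    key_hash, mid2 = recipient_receipt_fields(body)
    honest = remailer_checks(header, key_hash, mid2) and sender_proof_b(key, content, mid2)
    # Header carries a key that the body does not commit to: d) must fail
    wrong_key = remailer_checks(header[:32] + secrets.token_bytes(32), key_hash, mid2)
    # Body altered in transit: Recipient's MessageID2 no longer matches the header, c) fails
    altered = body[:-1] + bytes([body[-1] ^ 1])
    tampered = remailer_checks(header, *recipient_receipt_fields(altered))
    recovered = ske(key, body[32:])  # Recipient decrypts after the key is released
    return honest, wrong_key, tampered, recovered == content

if __name__ == "__main__":
    print(run_cases())
```

Check d) is what ties the key the Remailer will release to the key hash committed inside CertMailBody, so a receipt is never forwarded for a body the Recipient could not decrypt with that key.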
The Sender creates the message content (MailContent) and selects a random 
encryption key (SymmetricKey).



The Sender constructs CertMailBody and computes MessageID: 
CertMailBody = HASH(SymmetricKey) + SKE(SymmetricKey, MailContent); 
MessageID = HASH(CertMailBody); 

Then, the Sender sends MessageID, SenderAddress, RecipientAddress, and 
RemailerAddress to the TSC Server to retrieve a TSC for the sending time. 



The TSC Server issues a TSC for the sending time: 

SendTSC = SIGNED(TSCServerPrivateKey, MessageID + SendTime + SenderInfo + RecipientInfo + RootCertificate); 
where (see the text descriptions for possible variations): 
SenderInfo = SenderAddress + SenderPublicKey 
RecipientInfo = RecipientAddress + RecipientPublicKey 
RemailerInfo = RemailerAddress + RemailerPublicKey 



Step 404: The Sender verifies SendTSC, constructs the signed certified mail header: 

SignedCertMailHeader = SIGNED(SenderPrivateKey, SendTime + MessageID + SymmetricKey) 
and then sends the Recipient the certified mail defined as: 
CertifiedMail = PKE(RemailerPublicKey, SignedCertMailHeader) + PKE(RecipientPublicKey, SignedCertMailBody); 

where: 

SignedCertMailBody = SIGNED(SenderPrivateKey, CertMailBody + SendTSC). 
The Sender also keeps a "carbon copy" of the certified message: 
CarbonCopy = PKE(SenderPublicKey, SignedCertMailHeader) + PKE(SenderPublicKey, SignedCertMailBody); 
After receiving CertifiedMail, the Recipient decrypts the second part to obtain 
SignedCertMailBody, verifies it, computes MessageID2 = HASH(CertMailBody), 
and then sends MessageID2, RecipientAddress, SenderAddress, 
and RemailerAddress to the TSC Server to retrieve a TSC for the receiving time. 



Continue to Fig. 4b 



Fig. 4a 
The TSC Server issues a TSC for the receiving time: 
ReceiveTSC = SIGNED(TSCServerPrivateKey, MessageID2 + 
ReceiveTime + RecipientInfo + SenderInfo + RemailerInfo + RootCertificate); 



The Receiver verifies the ReceiveTSC and sends a receipt to the Remailer: 
ReceiptSentToRemailer = PKE(RemailerPublicKey, SignedCertMailHeader) + 
PKE(RemailerPublicKey, HASH(SymmetricKey) + ReturnSessionKey + SignedReceipt), where: 
SignedReceipt = SIGNED(RecipientPrivateKey, SendTSC + ReceiveTSC) 



The Remailer decrypts ReceiptSentToRemailer to obtain SignedCertMailHeader, 
HASH(SymmetricKey), and SignedReceipt. Then, the Remailer conducts a series 
of verification steps to ensure that the SignedCertMailHeader, SignedReceipt, 
SendTSC, and ReceiveTSC are all valid and the data contained in them are all 
consistent. If all the verifications succeed, the Remailer sends the Sender 
CertifiedReceipt = PKE(SenderPublicKey, SignedReceipt) and 
sends SKE(ReturnSessionKey, SymmetricKey) to the Recipient. 



The Recipient decrypts SKE(ReturnSessionKey, SymmetricKey) received from 
the Remailer to recover SymmetricKey and then uses it to decrypt 
SKE(SymmetricKey, MailContent) to obtain MailContent. 



After receiving CertifiedReceipt, the Sender is able to prove that the 
MailContent existed at SendTime and was delivered to the Recipient at ReceiveTime 
by demonstrating: 

a. The Recipient's signature in SignedReceipt can be verified using RecipientPublicKey in ReceiveTSC. 

b. The MessageID or MessageID2 in SignedReceipt, SendTSC, ReceiveTSC all agree with the hash of the CertMailBody recovered from the CarbonCopy kept by the Sender during Step 404 above. 

c. SenderInfo, RecipientInfo, RemailerInfo in both SendTSC and ReceiveTSC are all consistent. 

d. The signatures in TSC and ReceiveTSC can be verified using TSC Server's public key in the RootCertificate, and the RootCertificate can be verified using the root public keys. 

e. SendTSC in CarbonCopy is the same as the one in the SignedReceipt. 



Fig. 4b 



